
Amid The Rush To Web 2.0, Some Words Of Warning

All that social interaction and user-generated content opens a Pandora's box of security concerns.

As businesses rush to get involved in Web 2.0, they must think about the security implications of all those blogs, wikis, and social networks. They could be putting their networks, employees, and customers at risk.

"Web 2.0 is all about openness and freedom," says Kris Lamb, director of the IBM Internet Security Systems division's X-Force security research organization. "You're really tearing down the traditional barriers that have kept companies safe."

Business managers and marketing heads like the idea of customer-generated content. An automobile maker, for instance, might start a social network or blog, allowing customers to write about their experiences and post pictures and video.

[Chart: Most Frequently Blocked Web Sites, by percentage of Barracuda Networks' customers blocking these sites]

But just look at some of Web 2.0's darlings to see what can go wrong. Hackers and spammers can create their own pages on MySpace and riddle them with malicious code to infect their social networking peers. One worm planted in a MySpace page infected more than 1 million users. And malware writers are beginning to target vulnerabilities in Ajax applications, which help make the Web 2.0 Web sites so dynamic.

"You have to remember that you're taking all this code from the back end and pulling it down to the client," says David Cole, director of Symantec Security Response. "If you have some goofy code in there, you could be exposing it with these technologies."

Web 2.0 technologies allow data to move in new ways at faster speeds, complicated by the fact that users are so much more involved. "You've got to make sure you're protecting users from each other," says Paul Judge, CTO at security vendor Secure Computing. "You have to have some containment and control."

IT managers need to make sure they take appropriate safeguards as their companies adopt Web 2.0 techniques and technologies. If a company is going to use third-party components or widgets, it should trust the source and audit the software, says Judge. Users shouldn't be allowed to use JavaScript, and IT administrators should assume spammers will find their sites, which means setting up protections and cautioning users against posting too much personally identifying information. He also recommends scanning company blogs to make sure no malicious code lies hidden within.

When To Block

Businesses and other organizations need to consider the implications of letting employees tap into Web 2.0 sites from work PCs. When the Defense Department recently banned its personnel from visiting social networking and entertainment sites such as MySpace, YouTube, and 11 others, it cited bandwidth constraints and security concerns.

Web-based content is generally blocked for three reasons: to avoid liability for any illegal activity involving workers, to reduce the risk of malware infections, and to prevent drop-offs in employee productivity.

Most companies are more concerned with blocking certain Web site categories—gambling and adult sites, for example—than with targeting individual Web sites like MySpace and YouTube, says Stephen Pao, VP of product management at Web filtering company Barracuda Networks.

Of course, social networking and other Web 2.0 sites may have value to workers beyond any distractions they might cause. Half of the 162 customers polled recently by security vendor Sophos say employees should be able to access MySpace. A quarter of respondents are opposed to blocking access to MySpace because the effort would be too complicated and time consuming, while the rest worry about employee backlash at having MySpace access taken away.
